Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401857.roa
File:                     AS401857.roa (raw, json)
Hash identifier:          f8L5TrRTkI99+Dbwt1/4eR2BCFsEnxMlLxDfpGjvzrY=
Subject key identifier:   FD:C0:59:39:B8:0F:FB:94:FE:A0:31:8D:D0:32:A3:6A:76:D5:58:1B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3410FE70F6351BA1258EE6E776D4A5F0C7C739C4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401857.roa
Signing time:             Tue 31 Mar 2026 08:58:42 +0000
ROA not before:           Tue 31 Mar 2026 08:53:42 +0000
ROA not after:            Tue 30 Mar 2027 08:58:42 +0000
asID:                     401857
IP address blocks:        181.215.55.0/24 maxlen: 24
                          191.101.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:10:fe:70:f6:35:1b:a1:25:8e:e6:e7:76:d4:a5:f0:c7:c7:39:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 31 08:53:42 2026 GMT
            Not After : Mar 30 08:58:42 2027 GMT
        Subject: CN=FDC05939B80FFB94FEA0318DD032A36A76D5581B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:47:44:ce:7f:07:63:6b:7f:ff:fd:88:d1:6b:
                    15:e7:9b:1e:a6:e4:95:1e:89:fe:35:2c:b4:3a:23:
                    a5:2e:54:d2:42:95:36:91:c8:9b:16:4b:a8:9c:6e:
                    bf:a2:29:ae:73:f5:0b:1a:4c:f9:46:5e:7e:fe:b3:
                    f7:8a:83:45:d7:7b:5d:01:b2:a4:08:32:80:c2:f5:
                    c1:bf:c4:da:c3:6b:55:d0:cf:e7:89:ac:dd:4a:92:
                    dd:82:57:07:ee:a3:30:c1:d0:7d:2c:55:98:d3:df:
                    77:50:1b:55:a4:a5:4b:ec:90:9a:af:25:fd:39:c1:
                    30:a2:3d:a0:a8:62:58:5f:ee:c1:af:c5:53:65:20:
                    c0:d9:77:7d:a0:0c:94:6c:13:cc:d3:ea:38:21:17:
                    3b:23:19:72:01:4e:cf:3d:79:bf:f2:52:cb:f7:aa:
                    25:43:8c:5e:bc:9c:49:9c:f5:d3:4d:7a:7b:7a:f4:
                    f3:75:d3:2b:b7:94:10:f1:c7:00:28:73:a6:25:ea:
                    41:cd:59:46:a5:51:72:05:f6:34:e6:57:44:e1:93:
                    97:e5:71:98:27:e3:bb:31:34:ec:d4:82:7b:13:32:
                    51:a5:1b:36:ca:00:c6:a9:71:e1:61:7f:c0:39:bb:
                    e6:d7:bb:ee:34:d8:1a:35:89:52:0a:11:c8:7c:04:
                    95:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C0:59:39:B8:0F:FB:94:FE:A0:31:8D:D0:32:A3:6A:76:D5:58:1B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401857.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.55.0/24
                  191.101.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:81:06:93:f4:fd:3c:0d:06:5d:af:b1:06:70:4e:70:16:0d:
         a7:c9:e5:82:9e:bb:36:7e:64:1e:8f:4f:f4:8b:52:06:64:a5:
         ac:7a:f6:7a:92:65:4a:62:31:3f:40:3f:6c:69:2b:4c:5e:de:
         3f:aa:a0:b7:02:c2:e4:7c:59:0b:24:1a:5f:f7:33:a0:3a:28:
         75:71:7c:2b:c7:f2:1e:73:7e:28:ac:6a:4f:a3:1e:37:03:da:
         10:94:08:f4:ef:95:30:0b:e8:a5:0c:b2:0f:97:73:58:b9:7c:
         d4:1a:43:1e:94:3b:e9:2b:6e:52:0a:a9:f6:65:9b:c0:84:09:
         2a:6c:b2:db:37:6e:34:34:d9:f6:02:5d:6d:aa:30:36:bb:53:
         54:16:a0:ed:9a:33:9d:5c:72:6d:9c:ac:0a:bd:1f:45:54:24:
         29:1c:c7:ea:d3:0a:94:91:f8:4d:f1:5d:c7:11:74:d4:21:4c:
         3c:68:7e:d8:46:a3:e5:61:91:5a:71:e9:1a:78:81:8a:03:78:
         66:68:6d:91:16:ca:09:d6:e3:4b:90:b5:c2:36:b9:c9:3a:00:
         7c:10:66:a2:89:76:39:9d:ef:16:fd:d1:d5:00:55:34:4d:93:
         48:98:69:0a:5b:8d:86:3a:33:79:9a:9c:3b:f9:fa:87:ec:a7:
         64:37:0d:5d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNBD+cPY1G6EljubndtSl8MfHOcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMzEwODUzNDJaFw0yNzAzMzAwODU4NDJaMDMxMTAvBgNV
BAMTKEZEQzA1OTM5QjgwRkZCOTRGRUEwMzE4REQwMzJBMzZBNzZENTU4MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwR0TOfwdja3///YjRaxXnmx6m
5JUeif41LLQ6I6UuVNJClTaRyJsWS6icbr+iKa5z9QsaTPlGXn7+s/eKg0XXe10B
sqQIMoDC9cG/xNrDa1XQz+eJrN1Kkt2CVwfuozDB0H0sVZjT33dQG1WkpUvskJqv
Jf05wTCiPaCoYlhf7sGvxVNlIMDZd32gDJRsE8zT6jghFzsjGXIBTs89eb/yUsv3
qiVDjF68nEmc9dNNent69PN10yu3lBDxxwAoc6Yl6kHNWUalUXIF9jTmV0Thk5fl
cZgn47sxNOzUgnsTMlGlGzbKAMapceFhf8A5u+bXu+402Bo1iVIKEch8BJXbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/cBZObgP+5T+oDGN0DKjanbVWBswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxODU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdc3
AwQAv2VMMA0GCSqGSIb3DQEBCwUAA4IBAQCagQaT9P08DQZdr7EGcE5wFg2nyeWC
nrs2fmQej0/0i1IGZKWsevZ6kmVKYjE/QD9saStMXt4/qqC3AsLkfFkLJBpf9zOg
Oih1cXwrx/Iec34orGpPox43A9oQlAj075UwC+ilDLIPl3NYuXzUGkMelDvpK25S
Cqn2ZZvAhAkqbLLbN240NNn2Al1tqjA2u1NUFqDtmjOdXHJtnKwKvR9FVCQpHMfq
0wqUkfhN8V3HEXTUIUw8aH7YRqPlYZFacekaeIGKA3hmaG2RFsoJ1uNLkLXCNrnJ
OgB8EGaiiXY5ne8W/dHVAFU0TZNImGkKW42GOjN5mpw7+fqH7KdkNw1d
-----END CERTIFICATE-----